[Secure-testing-commits] r16555 - data/CVE
Kees Cook
kees at alioth.debian.org
Wed Apr 20 00:11:29 UTC 2011
Author: kees
Date: 2011-04-20 00:11:22 +0000 (Wed, 20 Apr 2011)
New Revision: 16555
Modified:
data/CVE/list
Log:
NFUs: 43; fix syntax error
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-04-19 23:02:38 UTC (rev 16554)
+++ data/CVE/list 2011-04-20 00:11:22 UTC (rev 16555)
@@ -1,5 +1,11 @@
+CVE-2011-1717
+ NOT-FOR-US: Skype for Android
+CVE-2011-1715
+ NOT-FOR-US: QooxDoo
+CVE-2011-1714
+ NOT-FOR-US: QooxDoo
CVE-2011-1713 (Microsoft msxml.dll, as used in Internet Explorer 8 on Windows 7, ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2011-1712 (The txXPathNodeUtils::getXSLTId function in ...)
TODO: check
CVE-2011-1711
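Review bot: the label on CVE-2011-1713 is only the vendor, `NOT-FOR-US: Microsoft`, while the description names msxml.dll as used in Internet Explorer 8, and the other Microsoft entries in this patch name the product (`Microsoft JScript`, `Microsoft .NET Framework`). Suggest a product-level label such as `NOT-FOR-US: Microsoft msxml.dll` so a search on the product finds it. Also, the three new entries at the top go 1717, 1715, 1714; worth confirming that CVE-2011-1716 is absent on purpose and was not dropped by accident.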
@@ -74,9 +80,9 @@
{DSA-2220-1}
- request-tracker3.8 3.8.10-1 (bug #622774)
CVE-2011-1683 (IBM WebSphere Application Server (WAS) 6.0.x through 6.0.2.43, 6.1.x ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere Application Server
CVE-2011-1682 (Multiple cross-site request forgery (CSRF) vulnerabilities in phpList ...)
- TODO: check
+ NOT-FOR-US: phpList
CVE-2011-1684 [VideoLAN-SA-1103]
RESERVED
{DSA-2218-1}
@@ -105,13 +111,13 @@
CVE-2011-1672 (The Dell KACE K2000 Systems Deployment Appliance 3.3.36822 and earlier ...)
NOT-FOR-US: Dell KACE K2000 Systems Deployment Appliance
CVE-2011-1671 (Cross-site scripting (XSS) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Tracks
CVE-2011-1670 (Cross-site scripting (XSS) vulnerability in actions/add.php in InTerra ...)
NOT-FOR-US: InTerra
CVE-2011-1669 (Directory traversal vulnerability in wp-download.php in WP Custom ...)
- TODO: check
+ NOT-FOR-US: WP Custom Pages module for WordPress
CVE-2011-1668 (Cross-site scripting (XSS) vulnerability in search.php in AR Web ...)
- TODO: check
+ NOT-FOR-US: AR Web Content Manager
CVE-2011-1667 (SQL injection vulnerability in index.php in Anzeigenmarkt 2011 allows ...)
NOT-FOR-US: Anzeigenmarkt
CVE-2011-1666 (Metaways Tine 2.0 allows remote attackers to obtain sensitive ...)
@@ -119,15 +125,15 @@
CVE-2011-1665 (PHPBoost 3.0 stores sensitive information under the web root with ...)
NOT-FOR-US: PHPBoost
CVE-2011-1664 (Cross-site request forgery (CSRF) vulnerability in Translation ...)
- TODO: check
+ NOT-FOR-US: Translation Management module for Drupal
CVE-2011-1663 (SQL injection vulnerability in Translation Management module 6.x ...)
- TODO: check
+ NOT-FOR-US: Translation Management module for Drupal
CVE-2011-1662 (Cross-site scripting (XSS) vulnerability in Translation Management ...)
- TODO: check
+ NOT-FOR-US: Translation Management module for Drupal
CVE-2011-1661 (The Node Quick Find module 6.x-1.1 for Drupal does not use ...)
- TODO: check
+ NOT-FOR-US: Node Quick Find module for Drupal
CVE-2011-1660 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
- TODO: check
+ NOT-FOR-US: GrapeCity Data Dynamics Reports
CVE-2011-1659 (Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or ...)
TODO: check
CVE-2011-1658 (ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier ...)
@@ -137,25 +143,25 @@
CVE-2011-1656
RESERVED
CVE-2011-1655 (The management.asmx module in the Management Web Service in the ...)
- TODO: check
+ NOT-FOR-US: CA Total Defense
CVE-2011-1654 (Directory traversal vulnerability in the Heartbeat Web Service in ...)
- TODO: check
+ NOT-FOR-US: CA Total Defense
CVE-2011-1653 (Multiple SQL injection vulnerabilities in the Unified Network Control ...)
- TODO: check
+ NOT-FOR-US: CA Total Defense
CVE-2011-1652 (** DISPUTED ** The default configuration of Microsoft Windows 7 ...)
NOT-FOR-US: Microsoft Windows 7
CVE-2010-4784 (Multiple SQL injection vulnerabilities in member.php in PHP Web ...)
- TODO: check
+ NOT-FOR-US: PHP Web Scripts Easy Banner Free
CVE-2010-4783 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
NOT-FOR-US: PHP Web Scripts Easy Banner Free
CVE-2010-4782 (Multiple SQL injection vulnerabilities in list.asp in Softwebs Nepal ...)
NOT-FOR-US: Softwebs Nepal Ananda Real Estate
CVE-2010-4781 (index.php in Enano CMS 1.1.7pl1, and possibly other versions before ...)
- TODO: check
+ NOT-FOR-US: Enano CMS
CVE-2010-4780 (SQL injection vulnerability in the check_banlist function in ...)
NOT-FOR-US: Enano CMS
CVE-2010-4779 (Cross-site scripting (XSS) vulnerability in lib/includes/auth.inc.php ...)
- TODO: check
+ NOT-FOR-US: WPtouch plugin for WordPress
CVE-2011-1651
RESERVED
CVE-2011-1650
@@ -806,7 +812,7 @@
CVE-2011-1427 (Multiple cross-site scripting (XSS) vulnerabilities in Kodak InSite ...)
NOT-FOR-US: Kodak InSite
CVE-2011-1426
- RESERVED
+ NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-1425 (xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in ...)
{DSA-2219-1}
- xmlsec1 1.2.14-1.1 (bug #620560)
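Review bot: CVE-2011-1426 goes from `RESERVED` to `NOT-FOR-US: RealNetworks RealPlayer` with no description on the entry, so nothing in the file shows where the product attribution comes from. A `NOTE:` line naming the advisory or announcement it was taken from would let the next person verify it. The same applies to the other RESERVED entries this patch reclassifies (CVE-2011-1179, CVE-2011-0286, CVE-2011-0012, CVE-2010-4229, CVE-2010-1171, CVE-2009-0788).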
@@ -1414,7 +1420,7 @@
RESERVED
- linux-2.6 <unfixed>
CVE-2011-1179
- RESERVED
+ NOT-FOR-US: SPICE Firefox plug-in
CVE-2011-1178
RESERVED
CVE-2011-1177
@@ -1943,7 +1949,7 @@
CVE-2011-1028
RESERVED
CVE-2011-1027 (Off-by-one error in the convert_query_hexchar function in html.c in ...)
- TODO: check
+ NOT-FOR-US: cgit
CVE-2011-1026
RESERVED
CVE-2011-1025 (bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require ...)
@@ -2011,8 +2017,8 @@
RESERVED
CVE-2011-1008 (Scrips_Overlay.pm in Best Practical Solutions RT before 3.8.9 does not ...)
- request-tracker3.8 3.8.10-1 (bug #614576)
- [squeeze] - request-tracker3.8 3.8.8-7+squeeze1
- [lenny] - request-tracker3.6 3.6.7-5+lenny6
+ [squeeze] - request-tracker3.8 3.8.8-7+squeeze1
+ [lenny] - request-tracker3.6 3.6.7-5+lenny6
CVE-2011-1007 (Best Practical Solutions RT before 3.8.9 does not perform certain ...)
- request-tracker3.6 <removed>
- request-tracker3.8 3.8.10-1
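Review bot: in the CVE-2011-1008 entry the removed and added `[squeeze]` and `[lenny]` lines carry the same text, so the change is whitespace only. If this is the "fix syntax error" from the log, it would be easier to find later as its own commit, separate from the NOT-FOR-US triage; at minimum the log could say which entry was fixed.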
@@ -2670,9 +2676,9 @@
CVE-2011-0761
RESERVED
CVE-2011-0760 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
- TODO: check
+ NOT-FOR-US: WP Related Posts plugin for WordPress
CVE-2011-0759 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
- TODO: check
+ NOT-FOR-US: Recaptcha plugin for WordPress
CVE-2010-4727 (Smarty before 3.0.0 beta 7 does not properly handle the <?php and ?> ...)
- smarty3 <unfixed>
- smarty <unfixed>
@@ -2727,13 +2733,13 @@
- php5 5.3.3-7 (unimportant)
NOTE: Only exploitable with malicious script
CVE-2011-0751 (Directory traversal vulnerability in nhttpd (aka Nostromo webserver) ...)
- TODO: check
+ NOT-FOR-US: Nostromo webserver
CVE-2011-0750
RESERVED
CVE-2011-0749
RESERVED
CVE-2011-0748 (Multiple cross-site request forgery (CSRF) vulnerabilities in phpList ...)
- TODO: check
+ NOT-FOR-US: phpList
CVE-2011-0747
RESERVED
CVE-2011-0746 (Cross-site request forgery (CSRF) vulnerability in ...)
@@ -2814,7 +2820,6 @@
NOT-FOR-US: Joomla Lyftenbloggie addon
CVE-2011-0720 (Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga, ...)
- plone3 <removed>
- TODO: check
CVE-2011-0719 (Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 ...)
{DSA-2175-1}
- samba 2:3.5.7~dfsg-1
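Review bot: the `TODO: check` under CVE-2011-0720 is dropped with nothing added in its place, and the log (NFUs and a syntax fix) does not cover it. The description says "as used in Conga, ..." so Plone is not the only consumer named; a `NOTE:` saying what was checked beyond `plone3 <removed>` would make it clear the entry is actually done.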
@@ -2988,7 +2993,7 @@
CVE-2011-0664
RESERVED
CVE-2011-0663 (Multiple integer overflows in the Microsoft (1) JScript 5.6 through ...)
- TODO: check
+ NOT-FOR-US: Microsoft JScript
CVE-2011-0662 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
NOT-FOR-US: Microsoft Windows
CVE-2011-0661 (The SMB Server service in Microsoft Windows XP SP2 and SP3, Windows ...)
@@ -3503,11 +3508,11 @@
CVE-2011-0469
RESERVED
CVE-2011-0468 (The aaa_base package before 11.3-8.9.1 in SUSE openSUSE 11.3, and ...)
- TODO: check
+ NOT-FOR-US: OpenSUSE aaa_base package
CVE-2011-0467
RESERVED
CVE-2011-0466 (The API in SUSE openSUSE Build Service (OBS) 2.0.x before 2.0.8 and ...)
- TODO: check
+ NOT-FOR-US: openSUSE Build Service
CVE-2011-0465 (xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote ...)
{DSA-2213-1}
- x11-xserver-utils 7.6+2 (low; bug #621423)
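Review bot: the two labels in this hunk spell the vendor differently, `OpenSUSE aaa_base package` for CVE-2011-0468 and `openSUSE Build Service` for CVE-2011-0466; the same pair recurs at CVE-2011-0461 and CVE-2011-0462. The descriptions use `openSUSE`, so use that spelling in all four to keep greps on the label consistent.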
@@ -3518,9 +3523,9 @@
CVE-2011-0463 (The ocfs2_prepare_page_for_write function in fs/ocfs2/aops.c in the ...)
TODO: check
CVE-2011-0462 (Multiple cross-site scripting (XSS) vulnerabilities in the login page ...)
- TODO: check
+ NOT-FOR-US: openSUSE Build Service
CVE-2011-0461 (/etc/init.d/boot.localfs in the aaa_base package before 11.2-43.48.1 ...)
- TODO: check
+ NOT-FOR-US: OpenSUSE aaa_base package
CVE-2011-0460
RESERVED
CVE-2011-0459
@@ -3528,7 +3533,7 @@
CVE-2011-0458 (Untrusted search path vulnerability in the Locate on Disk feature in ...)
NOT-FOR-US: Google Picasa
CVE-2011-0457 (Cross-site scripting (XSS) vulnerability in e107 0.7.22 and earlier ...)
- TODO: check
+ NOT-FOR-US: e107
CVE-2011-0456 (Open Ticket Request System (OTRS) 2.3.4 and earlier allows remote ...)
TODO: check
CVE-2011-0455 (Cross-site scripting (XSS) vulnerability in Things BBS before 2.0.3 ...)
@@ -3920,7 +3925,7 @@
CVE-2011-0287
RESERVED
CVE-2011-0286
- RESERVED
+ NOT-FOR-US: BlackBerry Enterprise Server
CVE-2010-4692 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...)
NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-4691 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...)
@@ -4379,7 +4384,7 @@
CVE-2011-0196
RESERVED
CVE-2011-0195 (The generate-id XPath function in libxslt in Apple iOS 4.3.x before ...)
- TODO: check
+ NOT-FOR-US: Apple iOS
CVE-2011-0194 (Integer overflow in ImageIO in Apple Mac OS X 10.6 before 10.6.7 ...)
NOT-FOR-US: Apple Mac OS
CVE-2011-0193 (Multiple buffer overflows in Image RAW in Apple Mac OS X before 10.6.7 ...)
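Review bot: CVE-2011-0195 is marked `NOT-FOR-US: Apple iOS`, but the description places the flaw in the generate-id XPath function in libxslt, which is a library Debian packages, not an iOS-only component. Unless Apple's copy is known to differ from upstream here, this should stay `TODO: check` or become a `- libxslt` entry with the status determined against upstream, in line with the WebKit entries CVE-2011-0160 and CVE-2011-0157, which the next hunk leaves as TODO.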
@@ -4457,9 +4462,9 @@
CVE-2011-0160 (WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does ...)
TODO: check
CVE-2011-0159 (The Safari Settings feature in Safari in Apple iOS 4.x before 4.3 does ...)
- TODO: check
+ NOT-FOR-US: Safari in Apple iOS
CVE-2011-0158 (MobileSafari in Apple iOS before 4.3 does not properly implement ...)
- TODO: check
+ NOT-FOR-US: MobileSafari in Apple iOS
CVE-2011-0157 (WebKit, as used in Apple iOS before 4.3, allows remote attackers to ...)
TODO: check
CVE-2011-0156 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
@@ -4721,7 +4726,7 @@
[wheezy] - pango1.0 1.28.3-1+squeeze2
[lenny] - pango1.0 <not-affected> (introduced in code cleanup)
CVE-2011-0063 (The _list_file_get function in lib/Majordomo.pm in Majordomo 2 ...)
- TODO: check
+ NOT-FOR-US: Majordomo
CVE-2011-0062 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- xulrunner <not-affected> (Only affects Firefox 3.6, not yet in unstable)
- iceweasel <not-affected> (Only affects Firefox 3.6, not yet in unstable)
@@ -5179,7 +5184,7 @@
- tomcat6 6.0.28-10 (bug #612257)
[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
CVE-2011-0012
- RESERVED
+ NOT-FOR-US: SPICE Firefox plug-in
CVE-2011-0011 [qemu-kvm: Setting VNC password to empty string silently disables all authentication]
RESERVED
- qemu <unfixed> (unimportant; bug #611134)
@@ -5979,7 +5984,7 @@
CVE-2010-4230 (Stack-based buffer overflow in a certain ActiveX control for the ...)
NOT-FOR-US: Camtron, TecVoz
CVE-2010-4229
- RESERVED
+ NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2010-4228 (Stack-based buffer overflow in NWFTPD.NLM before 5.10.02 in the FTP ...)
NOT-FOR-US: Novell NetWare
CVE-2010-4227 (The xdrDecodeString function in XNFS.NLM in Novell Netware 6.5 before ...)
@@ -6685,7 +6690,7 @@
CVE-2010-3959 (The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, ...)
NOT-FOR-US: Microsoft Windows
CVE-2010-3958 (The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, ...)
- TODO: check
+ NOT-FOR-US: Microsoft .NET Framework
CVE-2010-3957 (Double free vulnerability in the OpenType Font (OTF) driver in ...)
NOT-FOR-US: Microsoft Windows
CVE-2010-3956 (The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, ...)
@@ -14633,7 +14638,7 @@
- dbus-glib 0.88-1 (low; bug #592753)
[lenny] - dbus-glib <no-dsa> (Minor issue)
CVE-2010-1171
- RESERVED
+ NOT-FOR-US: Red Hat Network Satellite Server
CVE-2010-1170 (The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before ...)
{DSA-2051-1}
- postgresql-8.4 8.4.4-1 (low)
@@ -30488,7 +30493,7 @@
CVE-2009-0789 (OpenSSL before 0.9.8k on WIN64 and certain other platforms does not ...)
- openssl <not-affected> (only non-Debian architectures affected)
CVE-2009-0788
- RESERVED
+ NOT-FOR-US: Red Hat Network Satellite Server
CVE-2009-0787 (The ecryptfs_write_metadata_to_contents function in the eCryptfs ...)
- linux-2.6 2.6.29-1 (medium; bug #529326)
[etch] - linux-2.6 <not-affected> (ecryptfs was merged in 2.6.19)